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Abstract- In the recent years, Wireless Sensor Networks (WSNs) provide an economically feasij^^olution 
to a diversity of applications. The applications include object tracking and environment|ftmenitoring. 
H owever, security of sensor nodes is critical because of the unattended nature of the netwrfjowfl thus they 
are prone to many attacks. One such attack is the node replication attack whictxprmipts the entire 
network by compromising few sensor nodes. Few of the techniques are proposacSiVaetect the node 
replication attack using witness finding strategy and centralized detection meWjifi/are used for static 
networks. These methods incur high communication and memory overheadsjwfi^rcluce problems related 
to security and efficiency. This paper proposes to solve these issues using rf^hced extremely Efficient 
Detection (Enhanced XED) and integrated Artificial Immune Systerr|g^iWii£)»model to detect the clones 
which are not resilient against collusive replicas. The advantagesV^df'proposed method include (i) 
increase in the detection rate, (ii) decrease in the false rates, ^^effectiveness and (iv) low energy 
consumption. The performance of the proposed work is measuragjJsifi^ Bandwidth, M essage drop, Energy, 
Overhead, Average Delay and Packet Delivery Ratio. The imp I agitation is done using ns2 to exhibit the 
actualityof the proposed method. #A ♦ 
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/&V Introduction 



A Wireless Sensor Network (WSN) comtfrrapof a number of resource constrained sensor nodes. WSNs are 
generally deployed in harsh and hofcrt^Trvironment. The applications of WSN range from object tracking 
to environmental monitoring. S^un\o\wSN is a crucial task. WSNs are often unattended and are prone 
to different kinds of attacks wriSb includes jamming and eavesdropping in the network. Out of these 
attacks node replication atta^raipn/ulnerable one as it may cause injection of false data in the network or it 
may even cause a worrr^^OTtack. The node attack compromises a sensor node and replicates it by 
gathering the secret ir^^s^ton and deploys in the network. 

A collection of rtefcops have been proposed to detect replica nodes in static [2-4] and also in mobile WSNs 
[5-8]. In the staS^wSN s, the detection methods detect the cloned nodes in a distributed approach rather 
than the centralized one. In the distributed approach, a set of witness nodes are used for detection process. 
In whiclni^Wploys the information that nodes which have the same ID at different locations are detected 
as replOfca nodes. 



asnjoiK 
TR^ft. 



Th^ftection methods in mobile WSNs are generally classified as centralized method, hypothesis method 
and distributed encounter methods. Based on the hypothesis testing, a node broadcasts its location ID 
when it enters a communication range. The base station receives the location of the new node 
probabilistically from the set of nodes in the communication range. The base station, then evaluates the 
velocity of the newly arrived node and analyze it to the limits defined by the system. A subsequent number 
of samples about a particular node are collected by the base station to decide whether it is a cloned node or 
not. In the encounter based methods, a random number is exchanged when two nodes meet for the first 
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the performance of the WSN is degraded 
The main objective of this work is to accurately detect the self/non self-nodes from the senso#» network 



time. When they happen to meet again, they examine each other for the exchanged numbers. When a 
particular node fails to respond with the correct random number they are detected as a replicated node. 

The node replication attack induces some negative effects in the network. The undetected malicious clones 
affect the operations of the network. The detection methods introduce an added storage and 
communication overheads in the network. At last, few detection methods incorrectly recognize, a subset of 
valid nodes as replicated nodes and revokes the detection process. As a consequence, these nodes are 
inadequate to perform the operations of the communication and sensing protocols of the network thereby 

enso*»ne{wc 

This is considered as a necessary process because the node replication attack is significantly brn^l to the 
networks because the replicas, which have legitimate keys and are controlled by the adv»3|y>can easily 
launch the insider attacks without easily being detected. The hybrid technique is don^byS^bridization of 
the distributed replica detection scheme, XED with iAIS model. Initially nodes arei^^nted to the XED, 
where communication cost can be fixed and location information of the node is ap\r^uired for detection 
of replication nodes. Then detected replica nodes are passed to the iAIS whichCjjffither checks the nodes 
with certain conditions and finally desires the node as replica or not. By thif^brid technique, detection 
accuracy can be maximized. 

This paper constructs as follows, Section 2 describes the previous \^^^k)ne for this application followed 
by its merits and demerits. Section 3 explains about the procCs^ work of XED how it solves the 
optimization problems, and integrated AIS model which detec^mfie replica nodes in detected clones. In 
Section 4, evaluation results are provided for the proposed ^yyk^nd it is compared with the existing work. 
The final conclusion of this work is given in Section 5. 




2. Li terankre Su r vey 

Randomized Multicast (RM) is the first proto^l proposed by Parno et al [2], which distributes location 
claims to a randomly selected set of witnrfsVapWes. The second protocol, Line- Selected Multicast (LSM), 
exploits the routing topology of the nettfOwSto select witnesses for a node location and utilizes geometric 
probability to detect replicated n^d^VtsfRM, each node broadcasts a location claim to its one-hop 
neighbors. Then, the witness nocrts^Ve randomly selected within the communication range by each 
neighbors to forward thelocatioAUaim. When there exists a conflicting location claim in one of the witness 
nodes, then the replicated ^wcjie^xists in the network. The main aim of the LSM is to reduce the 
communication cost andi^^fease the detection probability. The intermediate nodes stores the location 
claim and act as witnesfci^ies. With the help of these intermediate nodes, a line is drawn across the 
network and the intw^rtion of two lines becomes the evidence node of receiving conflicting location 
claims. vCv^ 

Kai Xing [9]fltfdposed two replication detection schemes (Time Domain Detection (TDD) and Space 
Domain LTifMtion (SDD)) to undertake challenges from both the time domain and the space domain. This 
theoretffS^aYalysis indicates that TDD and SDD provide high detection accuracy and excellent resilience 
aaflTfoiresilart and colluding replicas and have no restriction on the number and distribution of replicas. The 
mWiaH also incurs low communication overhead. The TDD and SDD are the only approaches that support 
mobne networks and place no restrictions on the number and distribution of the cloned frauds and also on 
whether the replicas collude or not. 

Location-aware clone detection protocol successfully detects clone attack proposed by Zhongming et al's 
[D] which has little negative impact on the network lifetime. Probably, the location information about 
sensors and randomly select witness nodes are utilized in a ring area to verify the privacy of sensors and to 
detect cloned attacks. The ring structure facilitates energy efficient data forwarding along the path towards 
the witnesses and the sink. The traffic load is distributed across the network, which considerably improves 
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the network lifetime. This protocol gives the result of maximum clone detection probability with trustful 
witnesses. 



Conti, M [11] proposed a method to detect the node replication attack. This work is processed in two steps: 
First, the desirable properties of a distributed mechanism for the detection of replicated IDs is analyzed; 
second, a distributed solution is proposed for the detection of replicas that does not completely fulfill the 
requirements. Thus, the design of efficient and distributed protocols to detect node identity replicas is still 
an open and demanding issue. 



Ho et al. [3] Introduced a detection scheme for mobile sensor networks, which follows sec^Ohl 
probability ratio test. However, the efficiency of this scheme relies on the involvement of the b^se station, 
easily incurring the problems of single-point failure and fast energy depletion of the sensorjaJfl^around 
the base station. «f^CJ 

A novel protocol, called extremely Efficient Detection (XED), is proposed by Chia-Nft^^et al [6], to resist 
against node replication attacks in mobile sensor networks. The merits of XED jjp{^j^s (i) only constant 
communication cost is required for replica detection; (ii) sensor nodes locationin&rtnation is not required. 
Performance analyses and comparison with other methods demonstrate the effusiveness of this protocol. A 
comparison of the existing detection methods is done and Table lsummariieslJfe same. 

Table lSurvey on various techni 



Year 


Author 


Techniques 


Observations 


2005 


B. Parno, A. 
Perrig, and V. 
Gligor 


Randomized M ulticast tftaCfme- 
Selected Multifesi 


Reduce the communication costs 
1 ncreases the probability of 
detection 


2008 


H o et al 


SequjgnVw Probability Ratio 

p 


Easily incurring the problems of 
single point failure 

Fast energy depletion of the 
sensor nodes around the base 
station 


2008 


Chia-Mu YpeSlF 

NO* 


Extremely Efficient Detection (XED) 


Constant communication cost is 
required 

Sensor nodes local information is 
not needed 


20 B_ 

of 


^J*Kai Xing 


Time Domain and Space Domain 
Detection 


Resilience against smart attacks 

No restriction on number and 
distribution of the replicas 


20 B 


Zhongming et al 


Location-aware clone detection 
protocol and Ring area to verify the 
privacy of sensors 


Produces maximum clone 
detection probability with trustful 
witnesses 



Due to the literature survey, it is observed that XED algorithm is efficient in terms of communication cost. 
Hence an attempt has been made to improve the existing XED algorithm in terms of detection accuracy. 
The next section discusses the proposed method. 
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3. Proposed Method 

The proposed work [1] [12] here is done by using XED analysis and it is combined with the concepts of B- 
cells, T-cells and Dendritic Cells in a unified system. In this section, XED is analyzed which is widely used 
for detection of clones in mobile WSNs. 



The XED method is one of the information exchanged based detection method. In which the detection is 
based on the information exchanged and not based on the location information. In the XED method, the 
detection is based on the challenge and response strategy. The challenge and response strategy d,estffl1|es 
that if the nodes slmeets another node s2 for the very beginning time, then random number is gef>^|ted 
and it is added to the random number set. After that, when it meets further, request is generated^" issuing 
random number and it is checked with the random number which is already generated. 

When the generated random number does not match, then they are marked as replic&nocfcand added to 
the replica node set. Meanwhile, if it matches, it is marked as self, node and adde»^^h^t set. The XED 
method is effective only when there is no communication between the replicas. WU^rj/he communication 
happens to occur, then they can exchange the recently shared random numbeLT^a result, the detection 
ability is degraded. In order to overcome the above drawback, the Enhanced XE^nethod is proposed using 
the packet loss (PL) and average efficiency, which are calculated for e^d*>rid> every node in the network. 
When the PL occurs, they are taken upon for further processing, but i^^^erot occur, then the node is sent 
to the self-node set. 

When the PL has occurred, the average efficiency of the nod^Js calculated. After that a threshold is 
assigned and if the node has a greater threshold value, thenJtte average efficiency of each node is compared 
with the existing random number set. If the matching b^n^pthem occurs them occurs immediately they 
are stored in the self-node set and marked as semi- mMeDC. Otherwise the node is compared with the 
replica node set. If it matches, then they are stored irvfHreplica node set and mark them as mature DC. 

The confession of replica detection is done/*&ng enhanced XED alone. The proposed method employs 
integrated Artificial Immune System (iAIS^/foi^fhrther decision process. The obtained mature DC and the 
semi mature DC sets are passed to the iAjfli^ 




Generate Random No 
Random No S et 




Check whether the Awtaj? 
Efficiency is greater than the 




Figure 1 Flow Diagram of Enhanced XED 
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A. Detection using an Integrated AIS Model (iAIS) 



In the literature for obtaining secure routing in MANETs neither self/non-self nor danger theory paradigm 
is used. Here the combining concepts of B-ceils, T-cells and Dendritic Cells (DCs) in a unified system are 
used with an enhanced XED method for clone detection. 



The B- cell model does the activity of adaptive immunity, which removes the antigens by launching an 
attack. It is presented by using the classical context of the self-non- self-discrimination paradigm. The two 
phases of the B- cell model are the learning phase and the operational phase. The benign behavior jfTlhe 
system is done in the learning phase. W her eas, in the operational phase, the received antigen isdasslQsl as 
self or nonself. ~ 



The basic model of the DCs is inspired from the innate immune system. The innate immur^(^lbm is an in 
built immune system that defends against the antigens. The DCs act as a first line of tfifertae. It represents 
the functional behavior starting from sampling Ag in the tissue till determining the a^y.tof the tissue as 
safe or dangerous. The DCs determine the co- stimulation level by processing the^aig^Js which are present 
in the tissue at the time of sampling. When the co- stimulation threshold ej^^k, then the dangerous 
context is transformed to the mature state and the safe context is transmitted KtfVe semi- mature state. 

To present the sampled Ags by DCs in thymus and maturation/activ^^qf/T-cells the basic Dendritic cell 
model is extended. Here the result of the enhanced XED model, n^^l^the two states mature and semi- 
mature states are migrated to the thymus and check the sampleiXayfrom the enhanced XED method to 
theT- cells. 





Figure 2: Flow Diagram of iAIS 
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When the matching occurs between the sampled Ags and the T- cells, again, it is checked whether it is a 
mature DC. If it is a mature DC, then the appropriate!- cells are marked asT- helper cell and stored it in 
the T- helper cell detector set. The incoming Ags is matched with the T- helper cell detector set. If it 
matches, then the Ag is declared as non- self. The B- cells are mutated for affinity maturation. The detected 
B-cells are marked as memory detector. Otherwise the B- cell detector set is marked as unchanged and they 
are declared as self-node. The pseudo code of the proposed methodology is illustrated in Table 3 



Table 3 Pseudo code for proposed methodology 



Input: packet 

Declare: Average efficiency asAE and packet loss as PL 
Output: replica node or self node 
Algorithm 

For each packet transfer from source node 
While not destination nodedo 

Node communicate with other node 

If (meet first time) then 

Generate random number and add to rai 



set 



then 



Else 

Request for random number is; 
If (random number issued is rrv 



Declare as self node 



Else 



set 





rK^r number 



ndom number set) 



Declare as replica 



nd add replica node to replica 



8 




End if 
End if 

Calculate a?^r>ach relay nodes 
If (PL is/rt«*red) then 
^utabl AE of a node 
hreshold) then 

0omparethe AE with random number set 
TMrhatch) then 
Declare as self node 
Else 

If (node is matched with the replica node set) then 
Declare as replica node 
End if 
End if 

M igrate Replica node to thymus 
Check Ag with T cells 
If (match) then 
If (Mature DC) then 
Matching T-cell become T-helper Cell 
Add to T-helper cell detectors Set 
M atch Ag to T-helper cell detector 
lf(match)then 

Declare Ag as non self Ag 

Mutate B- cells detector for affinity maturation with Ag 
M ark B-cells detector as memory detector 
Else 
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Declare Ag as self Ag 

Leave B-cells detector Set unchanged 
End if 
Else 

Delete matching T- cell 
Generate non-negative T-cel I 
Add to T-cells detector Set 

End if 

Else 

Leave T-cells detector DB unchanged 
End if 
End if 
Else 

Declare as self node 

End if 
End if 
Else 

Declare as self node 
End if 
End while 
Next 



In the experimental analysis, the mobile based sensor 
with proposed Hybrid Enhanced XED - iAIS met 
Enhanced XED combined with integrated AIS mo 
this technique is summarized below in the Table 



4. Experimental 

or nrt^r* behavior and its performance are analyzed 
hcrtS^he analysis is made in the hybrid techniques 
odeVTO simul 



imulation parameters used while implementing 



Tab I. 



I^Qm 



ulation Parameters 



Si r<iiw™/P aram eter 


Value 


Propagation 


TwoRayGround 


^> Mac 


802_L 


^jwrmension of the topography 


D00 


^ Y dimension of the topography 


1)00 


Adhoc Routing 


AODV 


No of nodes simulated 


50 


Cp 


CbrX) 


Sc 


nodes50mob 


Simulation time 


500 seconds 


Energy 


EnergyModel 


Initial Energy 


1)00000 


Bcell_detectorRef 


5 


Bcell_detectorThr 


4 


Aodv Minimum Neighbor 


6 


Aodv Security Duration 


2 
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The performance of this work is measured using the bandwidth, message drops, energy, overhead, average 
delay, PDR graphs which shows its efficient result towards the clone detection and identification of replica 
nodes in WSN. These results are discussed briefly below 

The values obtained for routing packets, packet delivery ratio, normalized routing load, routing overheads, 
average Hop Counts, Average Delay in seconds, dropped data packets and dropped data bytes shows this 
efficiency towards clone detection in WSN. 



Bandwidth - The bandwidth is defined as the maximum amount of data that can be transferred betweerf^tfie 



two nodes without disturbing the other progress in the network. 



Vxgraph 



|Close||Hdcpy1|About| 
Average Throughpul(Kbps) 



Graph for Bandwidth 



XED 

XED+ iAIS 



Graph forijMigJps 



Figure 3: Comparison Graph for BandwiifnN 

h grapl 




sis 

XED 



Figure 4: Comparison Graph for Message-Drop 



The Figure 3 shows the bandwjjtji graph for AIS, XED and for Hybrid Enhanced XED-IAIS. Where, XED 

roposed Hybrid Enhanced XED-I 
mobile WSN is shown behind it. 



shows higher bandwidth valuemn^proposed Hybrid Enhanced XED-IAIS takes lesser bandwidth than the 
both. And herethe node^n^MDn in 



MessageDrops- Tl^^^hc represents the overall system loss when it isin an unsustainable state. 

The Figure 3-mo^the graph of message drops for AIS, XED and for Hybrid Enhanced XED-iAIS. Where, 
XED showfcft^Ker message drops value and proposed Hybrid Enhanced XED-IAIS takes lesser message 
drops tb^spe both. 



Er^p) 



ErTkc/- The percent energy consumed by a node is calculated as the energy consumed to the initial energy. 
And from that finally the percent energy consumed by all the nodes in a scenario is calculated as the 
average of their individual energy consumption of the nodes as defined in equation (]). 



Average Energy Consumed = 



Sum of Percent Energy Consumed by all nodes 
Number of Nodes 



(1) 
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Graph for Overhead 













I — jr- 




Figure 5: Comparison Graph for Energy 



Figure 6: Compari 



The Figure 4 shows the graph of energy required for AIS, XED and for Hybrid 
XED takes higher energy and proposed Hybrid Enhanced XED- iAIStakeslesse 



Overhead - This is the ratio of total numbers of control packets 
packets received during the simulation time given in equation (2). 

overhead - 




ph for Overhead 




XED- iAIS. Where, 
ergy than the others. 

to the total number of data 



data packets revived 



control pa 



The exceeding Figure 5 shows the graph of overhe 
Where, XED takes higher overhead and propose^ 
the others. 




generated 



AIS, XED and for Hybrid Enhanced XED- iAIS. 
rfd Enhanced XED- iAIS takes lesser overhead than 



Packet Delivery Ratio (PDR) - The rat] 
destinations and the total number q 



<dr\e< 



een the numbers of packets successfully received at the 
sent by the sources defined in equation (3). 



ie ratrn^ 

Dfp^ 

V % received packets 

PDR = : — -7—. * 100 



sent packets 



(3) 



V 


CP 




Graph lor PDR 
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Graph for Average Delay 
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Figure 7: Comparison Graph for PDR 



Figure 8: Comparison Graph for Average Delay 
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The Figure 6 shows the graph of PDR for AIS, XED and for Hybrid Enhanced XED- iAIS. Where, XED takes 
higher PDR and proposed Hybrid Enhanced XED- iAIStakes higher PDR while comparing with each other. 

Average Delay - The average delay is calculated by taking the average of delays for every data packet 
transmitted to the total number of received packets as defined below in equation (4). The parameter is 
measured only when the data transmission has been successful. 



Average Delay = 



Sum of All Packets Delay 



(4) 



Total No of Received Packets 

The exceeding Figure 7 shows the graph of average del ay taken for AIS, XED and for Hybrid Enhawced>XED 
iAIS. Where, XED takes more average delay and proposed Hybrid Enhanced XED- iAIS takadt?^; 
delay while comparing. «f^w^ 



eckXE 



The overall comparison results for the bandwidth, M essage drop. Energy, 0 veiTiead^^ige delay and the 
PDR is shown in the table below. -*»V^ 



Table 5 Results comparisons of proposed hybrid enhanced XED 



/^w 



with XED 



Metrics 


Existing Techniques Result 
(Kbps) 


Proposed Tecl^^^sjResult 


Improvement 

(%) 


Bandwidth 


28,0000 


\ ^u^MO 


17. 8 


Message drop 


22,0000 




9 


Energy 


24,0000 


23,0000 


4.1 


Overhead 


]5,0000 


14,0000 


6.6 


Average 


18,0000 i 


17,0000 


5.5 


PDR 


78,2000 "V 


79,0000 


10 



The above Table 5 clearly shows the perc 
of the proposed technique Hybrid 
proposed work improves its perron* 
than other metrics. 



i of improvement achieved for various performance metrics 
'XED- iAIS method while compared with existing XED. The 
all the metrics, where the bandwidth is improved much better 



5. Conclusion 



In mobile WSN, clonafffltf^ion is a present issue where they are affected by a node replication attack. The 
proposed work stuj^Clplica detection methods used to mitigate node replication attack. The proposed 
work is extendeaA^eombining integrated Artificial Immune System, which is energy efficient, reducing 
processing oy^nN^ls and it is suitable for deployment on identifying replica nodes in mobile WSN. The 
experimentaftaralysis graphs of proposed Hybrid Enhanced XED- iAIS are compared with existing AIS and 
XED wbjJh^pows that average delay, energy, overhead and message drops of Hybrid Enhanced XED- iAIS 
isaaicfci^n with higher PDR value. This proves that the proposed technique of XED with integrated AIS is 
^de|t towards clone detection and replica identification. 
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